I’m trying to setup an ingestion on Datahub with Nifi, And I’m having the following error:
<https://nifi-console-dev01-nifi.apps/nifi/> <class 'requests.exceptions.SSLError'>: HTTPSConnectionPool(host='nifi-console-dev01-nifi.apps', port=443): Max retries exceeded with url: /nifi-api/flow/about (Caused by SSLError(SSLError(0, 'Cannot create a client socket with a PROTOCOL_TLS_SERVER context (_ssl.c:811)')))
My setup is the following:
type: nifi
config:
site_url: '<https://nifi-console-dev01-nifi.apps/nifi/>'
auth: CLIENT_CERT
ca_file: /nifi/ca.crt
client_cert_file: /nifi/tls.crt
client_key_file: /nifi/tls.key```
The ca certificate is valid, if I'm trying to check with a curl providing the ca it works properly.
The error you’re encountering is related to SSL verification when trying to connect to your NiFi instance. This issue often arises when there is a mismatch in SSL configurations, such as using a self-signed certificate or incorrect SSL context settings.
Based on the <Slack discussion>, here are some steps you can take to resolve the issue:
SSL Verification: If you are using a self-signed certificate, you might need to disable SSL verification for testing purposes. You can do this by setting the ca_file configuration to False in your DataHub configuration file. This will bypass SSL certificate validation.
Python Version Compatibility: There is a known issue with Python 3.10 when creating the SSL context with CLIENT_AUTH. If you are using Python 3.10, consider modifying the SSL context to use SERVER_AUTH instead. This change has been reported to work successfully with Python 3.9.
Configuration Example: Ensure your configuration file for NiFi ingestion is correctly set up. Here is an example configuration snippet:
Testing with CLI: If you are using both CLI and UI for ingestion, test the configuration with the CLI first to ensure it works before applying it to the UI.
Would you like more detailed guidance on any specific part of the configuration or troubleshooting steps?
Sources:
<Slack discussion on SSL Configuration> 0 button 0 button Hint: Mention @runllm in the thread for followups.
Locate the nifi.py File: This file is part of the DataHub ingestion source code. You can find it in the metadata-ingestion/src/datahub/ingestion/source/ directory of the DataHub project.
Modify the SSL Context: In the nifi.py file, locate the section where the SSL context is created. You will find a line similar to this:
Rebuild and Test: After making this change, rebuild your DataHub ingestion setup and test the connection to your NiFi instance to ensure that the issue is resolved.
Would you like more detailed instructions on how to rebuild the DataHub ingestion setup after making this change?